Identificações

Protect your Java web application from the consequences of uploading large files

Problem Description:Sometimes in our web applications, we provide HTML file inputs to our application users so they can upload their documents to the server.

BUT what will happen if a user or more upload a 3 or 4 or more giga bytes files to the server in the same time?Unfortunately the server may have an OutOfMemory exception.

Another problem is that the client side file size validation is not supported on all browsers for security reasons (Actually the only allowed file size validation is on IE through the "Scripting.FileSystemObject" ActiveX control). So this sort of validation unfortunately has to be done on the server side???

Problem Solution:Limiting the HTTP post size through setting a value for the (PostSizeLimit) parameter in the HTTP server.In the IBM HTTP server (for example), this parameter exists in a file called (plugin-cfg.xml) under (/WebSphere/AppServer/config/cells).

Setting the PostSizeLimit to "20971520" means that the maximum file size to be allowed is 20 MB.And setting the PostSizeLimit parameter to "-1" means unlimited post size.